Add nginx container to serve ruleset files #12
Conversation
Where does this 403 come from? The nginx config in this PR doesn't seem as though it will do that. |
|
@ketudb there's no |
Indeed that's true. I misread and thought the |
There was a problem hiding this comment.
Thanks @maeve-fpf and @ketudb for the review, changes here look good to me.
If understand correctly (please correct me if I'm wrong), with these changes, once migrated to the new platform, and when changes are merge into main, a container will be automatically built and deployed. (details, like the timestamp docker arg will be handled by CI/CD platform). To perform a rollback, we just need to revert the commit in main, and a new container will be built (with the rolled-back rules) and deployed.
Perhaps adding quick instructions on how to locally test upstream nginx changes (using docker commands, since the upstream hashed is pinned in the Dockerfile) could be useful, but also does not need to block merge.
|
That's correct! (It is not, however, set up yet.) I've added a |
There was a problem hiding this comment.
Thanks for adding docs and Makefile target, @maeve-fpf ! Ran into two minor issues with the Docker commands in my local environment (see inline)
This adds a very basic container image definition to serve the ruleset files with Nginx. They're served on
/https-everywhere/;/will return a 403.I chose a port arbitrarily; this is intended to be deployed behind a routing layer of some sort (e.g. k8s ingress) that only forwards requests matching a path to this backend.
Status
Ready for review
Review Checklist
onboarded.txtdefault.rulesets.TIMESTAMP.gz-- inspecting the contents of the JSON file produces the expected rulesPath Prefix:https://raw.githubusercontent.com/freedomofpress/securedrop-https-everywhere-ruleset/$BRANCH_NAME-- I added the HTTPS Everywhere extension to Tor Browser, updated the Path Prefix for the existing entry, visited a site in the ruleset, nothing seems obviously broken../update_index.shproduces no changes, as expected